CryptoPhoto tokens are all password protected, and CryptoPhoto SmartPhone
APPs can also be independently passwords protected - stolen tokens or lost
codes cannot be used by others.

No algorithms or seeds exist which can be used to infer or compute
token security data.

2-Factor authentication

CryptoPhoto adds genuine high-security 2-factor authentication to
online services. Customers use their first "factor" (their username
and password) via their browser, and their second factor (their physical
token or smartphone app) verifies both the customer (to the site) at
the same time as verifying the site to the customer.

CryptoPhoto includes the additional protection of two-way authentication
as well as the whole range of security benefits shown above.

2-Channel authentication transport

The CryptoPhoto smartphone apps all feature second-channel credential
transport, protecting you against live and sophisticated phishing and
man-in-the-middle attacks.

For the first time, CryptoPhoto offers legitimate web sites a means to
strongly "authenticate" with users during the login process. Sites do
this by showing one image to the user from from their token. Imposter
sites are unable to guess images on users tokens, so this blocks
phishing. ("blocks", as opposed to "mitigates", because the correct
image is needed by the user to locate their row/col passcode - without
the correct image, the user is blocked from accidentally logging into
the wrong place, as well as alerted to the potential scam taking
place)

The row and column codes are different for subsequent logins,
neutralizing keylogger problems as well.

Images from the token are chosen for display to the user, such that
the display order is random (true random, not any algorithm
subsequent to theft, like the recent RSA breakin), and images are not
repeated. Upon exhaustion, the token can either be
discarded/replaced, or re-used, depending on the issuing party's or
users security preferences.